How to configure cygwin git to work behind proxy?

Question

I am using Windows 7 x64.

I have installed Git for Windows and cygwin's git.

These are the installed versions for Git for Windows:

user@machine MINGW64 ~
$ uname -a
MINGW64_NT-6.1 machine 2.4.0(0.292/5/3) 2016-01-05 14:13 x86_64 Msys

user@machine MINGW64 ~
$ git --version
git version 2.7.0.windows.1

user@machine MINGW64 ~
$ curl --version
curl 7.46.0 (x86_64-w64-mingw32) libcurl/7.46.0 OpenSSL/1.0.2e lib/1.2.8 libidn/1.32 libssh2/1.6.0 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz TLS-SRP

These are the installed versions for cygwin:

user > ~ > uname -a
CYGWIN_NT-6.1 machine 2.4.0(0.293/5/3) 2016-01-15 16:16 x86_64 Cygwin
user > ~ > git --version
git version 2.7.0
user > ~ > curl --version
curl 7.45.0 (x86_64-unknown-cygwin) libcurl/7.45.0 OpenSSL/1.0.2e zlib/1.2.8 libidn/1.29 libssh2/1.5.0
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets Metalink

This is my .gitconfig regarding http.proxy in both installations:

[http]
    proxy = https://:@evilcorp.proxy.com:8080

I can clone with Git for Windows:

user@machine MINGW64 ~
$ git config --get http.proxy
https://:@evilcorp.proxy.com:8080

user@machine MINGW64 ~
$ git clone https://github.com/vim/vim
Cloning into 'vim'...
remote: Counting objects: 53744, done.
remote: Total 53744 (delta 0), reused 0 (delta 0), pack-reused 53744
Receiving objects: 100% (53744/53744), 41.26 MiB | 453.00 KiB/s, done.
Resolving deltas: 100% (45107/45107), done.
Checking connectivity... done.
Checking out files: 100% (2661/2661), done.

But I get an authentication 407 error with cygwin's git:

user > ~ > git config --get http.proxy
https://:@evilcorp.proxy.com:8080
user > ~ > git clone https://github.com/vim/vim
Cloning into 'vim'...
fatal: unable to access 'https://github.com/vim/vim/': Received HTTP code 407 from proxy after CONNECT

Setting the username and password in the proxy string does not change the result.

I have found this on the cywin mailing list which looks related to that problem

http://thread.gmane.org/gmane.os.cygwin/155039 .

How can I fix that?

Here is additional logging. It also shows that curl works with --proxy-ntlm

MINGW64:

username@machine MINGW64 /

$ curl -U :--proxy-ntlm --proxy rwestproxy-neurathdc.rwe.com:8080 http://www.google.com

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   258  100   258    0     0   2744      0 --:--:-- --:--:-- --:--:--  3307<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>

The document has moved

<A HREF="http://www.google.de/?gfe_rd=cr&amp;ei=uQugVqvzI_Dt8wfUpKC4Bw">here</A>.

</BODY></HTML>

username@machine MINGW64 /
$ curl http://www.google.com

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                               Dload  Upload   Total   Spent    Left  Speed

0     0    0     0    0     0      0      0 --:--:--  0:00:30 --:--:--     0



username@machine MINGW64 ~
$ export GIT_CURL_VERBOSE=1

username@machine MINGW64 ~
$ export GIT_TRACE=1

username@machine MINGW64 ~
$ git config --get http.proxy
23:40:02.125128 git.c:348               trace: built-in: git 'config' '--get' 'http.proxy'
https://:@evilcorp.proxy.com:8080

username@machine MINGW64 ~
$ git clone https://github.com/Shougo/vimproc.vim
23:41:30.617391 git.c:348               trace: built-in: git 'clone' 'https://github.com/Shougo/vimproc.vim'
Cloning into 'vimproc.vim'...
23:41:40.522502 run-command.c:343       trace: run_command: 'git-remote-https' 'origin' 'https://github.com/Shougo/vimproc.vim'
* Couldn't find host github.com in the _netrc file; using defaults
* timeout on name lookup is not supported
*   Trying 10.88.253.20...
* Connected to evilcorp.proxy.com (10.88.253.20) port 8080 (#0)
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
User-Agent: git/2.7.0.windows.1
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 authenticationrequired
< Date: Wed, 20 Jan 2016 22:41:42 GMT
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 18471
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Basic realm="Web Gateway"
<
* Ignore 18471 bytes of response-body
* TUNNEL_STATE switched to: 0
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
User-Agent: git/2.7.0.windows.1
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 authenticationrequired
< Date: Wed, 20 Jan 2016 22:41:42 GMT
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 18471
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Basic realm="Web Gateway"
<
* Ignore 18471 bytes of response-body
* TUNNEL_STATE switched to: 0
* Establish HTTP proxy tunnel to github.com:443
* Proxy auth using Negotiate with user ''
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
Proxy-Authorization: Negotiate YIImIwYGKwYBBQUCoIImFzCCJhOgMDAuBgkqhkiC9xIBAgIGCSqGSIb3nFeMQ+30vz6ZGa78Uk=
User-Agent: git/2.7.0.windows.1
Proxy-Connection: Keep-Alive

< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*        subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=5157550; street=548 4th Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*        start date: Apr  8 00:00:00 2014 GMT
*        expire date: Apr 12 12:00:00 2016 GMT
*        subjectAltName: github.com matched
*        issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*        SSL certificate verify ok.
> GET /Shougo/vimproc.vim/info/refs?service=git-upload-pack HTTP/1.1
Host: github.com
User-Agent: git/2.7.0.windows.1
Accept: */*
Accept-Encoding: gzip
Accept-Language: en-US, *;q=0.9
Pragma: no-cache

< HTTP/1.1 200 OK
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-advertisement
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: C19BC295:3ACA:C1B117:56A00D26
< X-Frame-Options: DENY
<
* Closing connection 0
23:41:45.326871 run-command.c:343       trace: run_command: 'fetch-pack' '--stateless-rpc' '--stdin' '--lock-pack' '--thin' '--check-self-contained-and-connected' '--cloning' 'https://github.com/Shougo/vimproc.vim/'
23:41:46.839935 git.c:348               trace: built-in: git 'fetch-pack' '--stateless-rpc' '--stdin' '--lock-pack' '--thin' '--check-self-contained-and-connected' '--cloning' 'https://github.com/Shougo/vimproc.vim/'
* Couldn't find host github.com in the _netrc file; using defaults
* timeout on name lookup is not supported
* Hostname evilcorp.proxy.com was found in DNS cache
*   Trying 10.88.253.20...
* Connected to evilcorp.proxy.com (10.88.253.20) port 8080 (#1)
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
User-Agent: git/2.7.0.windows.1
Proxy-Connection: Keep-Alive

< HTTP/1.1 407 authenticationrequired
< Date: Wed, 20 Jan 2016 22:42:12 GMT
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 18471
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Basic realm="Web Gateway"
<
* Ignore 18471 bytes of response-body
* TUNNEL_STATE switched to: 0
* Establish HTTP proxy tunnel to github.com:443
* Proxy auth using Negotiate with user ''
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
Proxy-Authorization: Negotiate YIImIwYGKwYBBQUCoIImFzCCJhOgMDAuBgkqhkiC9xIBAgIGCSqGSIb3nFeMQ+30vz6ZGa78Uk=
User-Agent: git/2.7.0.windows.1
Proxy-Connection: Keep-Alive

< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
  CApath: none
* SSL re-using session ID
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* old SSL session ID is stale, removing
* Server certificate:
*        subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=5157550; street=548 4th Street; postalCode=94107; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
*        start date: Apr  8 00:00:00 2014 GMT
*        expire date: Apr 12 12:00:00 2016 GMT
*        subjectAltName: github.com matched
*        issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*        SSL certificate verify ok.
> POST /Shougo/vimproc.vim/git-upload-pack HTTP/1.1
Host: github.com
User-Agent: git/2.7.0.windows.1
Accept-Encoding: gzip
Content-Type: application/x-git-upload-pack-request
Accept: application/x-git-upload-pack-result
Content-Encoding: gzip
Content-Length: 641

* upload completely sent off: 641 out of 641 bytes
< HTTP/1.1 200 OK
< Server: GitHub Babel 2.0
< Content-Type: application/x-git-upload-pack-result
< Transfer-Encoding: chunked
< Expires: Fri, 01 Jan 1980 00:00:00 GMT
< Pragma: no-cache
< Cache-Control: no-cache, max-age=0, must-revalidate
< Vary: Accept-Encoding
< X-GitHub-Request-Id: C19BC295:3ACD:F59317:56A00D44
< X-Frame-Options: DENY
<
remote: Counting objects: 5309, done.
23:42:12.951991 run-command.c:343       trace: run_command: 'index-pack' '--stdin' '-v' '--fix-thin' '--keep=fetch-pack 2380 on machine' '--check-self-contained-and-connected' '--pack_header=2,5309'
23:42:14.527450 git.c:348               trace: built-in: git 'index-pack' '--stdin' '-v' '--fix-thin' '--keep=fetch-pack 2380 on machine' '--check-self-contained-and-connected' '--pack_header=2,5309'
* Closing connection 1% (5257/5309), 1.46 MiB | 31.00 KiB/s
remote: Total 5309 (delta 0), reused 0 (delta 0), pack-reused 5309
Receiving objects: 100% (5309/5309), 1.48 MiB | 34.00 KiB/s, done.
Resolving deltas: 100% (2966/2966), done.
Checking connectivity... 23:44:26.896821 run-command.c:343       trace: run_command: 'rev-list' '--objects' '--stdin' '--not' '--all'
23:44:28.472249 git.c:348               trace: built-in: git 'rev-list' '--objects' '--stdin' '--not' '--all'
done.
Checking out files: 100% (42/42), done.

Cygwin:

username > ~ > curl -U :--proxy-ntlm --proxy rwestproxy-neurathdc.rwe.com:8080 http://www.google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.de/?gfe_rd=cr&amp;ei=ChSgVuS5OeqG8QflgJzwAQ">here</A>.
</BODY></HTML>
username > ~ > curl http://www.google.com

username > ~ > 130 >
username > ~ > export GIT_TRACE=1
username > ~ > git config --get http.proxy
23:43:52.408979 git.c:348               trace: built-in: git 'config' '--get' 'http.proxy'
https://:@evilcorp.proxy.com:8080
username > ~ > git clone https://github.com/Shougo/viproc.vim
23:44:57.672267 git.c:348               trace: built-in: git 'clone' 'https://github.com/Shougo/viproc.vim'
Cloning into 'viproc.vim'...
23:44:57.719062 run-command.c:343       trace: run_command: 'git-remote-https' 'origin' 'https://github.com/Shougo/viproc.vim'
* STATE: INIT => CONNECT handle 0x60009b480; line 1090 (connection #-5000)
* Couldn't find host github.com in the .netrc file; using defaults
* Added connection 0. The cache now contains 1 members
*   Trying 10.88.253.20...
* STATE: CONNECT => WAITCONNECT handle 0x60009b480; line 1143 (connection #0)
* Connected to evilcorp.proxy.com (10.88.253.20) port 8080 (#0)
* STATE: WAITCONNECT => WAITPROXYCONNECT handle 0x60009b480; line 1240 (connection #0)
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
User-Agent: git/2.7.0
Proxy-Connection: Keep-Alive

* Read response immediately from proxy CONNECT
< HTTP/1.1 407 authenticationrequired
< Date: Wed, 20 Jan 2016 22:44:57 GMT
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 18471
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: Negotiate
< Proxy-Authenticate: Basic realm="Web Gateway"
<
* Ignore 18471 bytes of response-body
* TUNNEL_STATE switched to: 0
* Establish HTTP proxy tunnel to github.com:443
> CONNECT github.com:443 HTTP/1.1
Host: github.com:443
User-Agent: git/2.7.0
Proxy-Connection: Keep-Alive

* Read response immediately from proxy CONNECT
< HTTP/1.1 407 authenticationrequired
< Date: Wed, 20 Jan 2016 22:44:57 GMT
< Content-Type: text/html
< Cache-Control: no-cache
< Content-Length: 18471
< Proxy-Connection: Keep-Alive
< Proxy-Authenticate: Negotiate
* gss_init_sec_context() failed: : SPNEGO cannot find mechanisms to negotiate
< Proxy-Authenticate: Basic realm="Web Gateway"
<
* Received HTTP code 407 from proxy after CONNECT
* Expire cleared
* Curl_done
* Closing connection 0
* The cache now contains 0 members
fatal: unable to access 'https://github.com/Shougo/viproc.vim/': Received HTTP code 407 from proxy after CONNECT

Answer 1

When I need to go through our company proxy and a tool has issues with authentication, I start my local Cntlm proxy .
The Cntlm proxy is able to authenticate with your credentials against your corporate proxy.

Then just use the Cntlm instance running at localhost:5865 as proxy.